[apparmor] profile injection
beroal
me at beroal.in.ua
Wed Nov 24 12:01:21 UTC 2021
Hi. While thinking how to implement my idea
<https://lists.ubuntu.com/archives/apparmor/2021-November/012368.html>,
I've come up with the following question.
Suppose that a sysadmin creates a profile containing
```
profile $N $E {
include $RP
}
```
where $RP is the file path provided by a user. What are ways for the
user to be malicious? The most obvious one is when the user writes
```
}
profile $NM $EM {
$RM
```
into the file referred by $RP. This allegedly replaces the contents of
profile $NM with $RM which is not what the sysadmin intended.
Reading the `include_filename` function in `parser/parser_lex.l` and my
experiment gave me an impression that this attack is totally possible.
Is there any way to protect from it?
More information about the AppArmor
mailing list